Opened 5 weeks ago
Last modified 5 weeks ago
#63159 new defect (bug)
load_textdomain tries to load the current working directory as a file
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | General | Keywords: | has-patch |
| Focuses: | Cc: |
Description
It all stems from this line in wp-includes/l10n.php
<?php $success = $i18n_controller->load_file( $file, $domain, $locale ); if ( $success ) { if ( isset( $l10n[ $domain ] ) && $l10n[ $domain ] instanceof MO) { $i18n_controller->load_file( $l10n[ $domain ]->get_filename(), $domain, $locale ); }
There is no guarantee that $l10n[ $domain ]->get_filename() is not empty there
And if it is, there is no sane check and it tries to load a translation on realpath('') which is the current working directory
While it doesn't cause any direct issues, this is just something I came accross while debugging and I think the following patch should be done
--- wp/wp-includes/l10n.php.old 2025-03-25 03:13:47.957506010 +0100
+++ wp/wp-includes/l10n.php 2025-03-25 03:14:15.295131388 +0100
@@ -844,7 +844,7 @@
$success = $i18n_controller->load_file( $file, $domain, $locale );
if ( $success ) {
- if ( isset( $l10n[ $domain ] ) && $l10n[ $domain ] instanceof MO ) {
+ if ( isset( $l10n[ $domain ] ) && $l10n[ $domain ] instanceof MO && !empty($l10n[ $domain ]->get_filename())) {
$i18n_controller->load_file( $l10n[ $domain ]->get_filename(), $domain, $locale );
}
Or alternatively before realpath check if $translation_file is empty in WP_Translation_Controller
Change History (1)
This ticket was mentioned in PR #8580 on WordPress/wordpress-develop by Tofandel.
5 weeks ago
#1
- Keywords has-patch added
Sane checking in WP_Translation_Controller::load_file, if trying to load an empty filename, abort early
Trac ticket: https://core.trac.wordpress.org/ticket/63159#ticket